From 4431c7acb41983242c7c1ea6e1158100409ecf3d Mon Sep 17 00:00:00 2001
From: Maikel Linke <maikel@email.org.au>
Date: Thu, 28 Sep 2023 15:42:42 +1000
Subject: [PATCH 1/7] Replace http with https and fake cert in local VMs

The config is smaller, easier to maintain and covers all local
containers. It also makes sure that we use the real production config
for Nginx and that the local configs don't get out of date.

It does mean that you need to accept an insecure certificate when you
access the website locally but then the connection is encrypted. This
also enables you to test browser behaviour around redirects to https and
security settings only available with https.
---
 inventory/group_vars/all.yml         | 10 +++---
 inventory/group_vars/lexi.yml        | 48 ----------------------------
 inventory/group_vars/local.yml       |  2 ++
 inventory/group_vars/test.yml        | 48 ----------------------------
 inventory/group_vars/vagrant.yml     | 48 ----------------------------
 roles/temporary_proxy/tasks/main.yml |  4 +--
 6 files changed, 10 insertions(+), 150 deletions(-)
 create mode 100644 inventory/group_vars/local.yml

diff --git a/inventory/group_vars/all.yml b/inventory/group_vars/all.yml
index e6862f14fb..b7acae6a53 100644
--- a/inventory/group_vars/all.yml
+++ b/inventory/group_vars/all.yml
@@ -254,6 +254,8 @@ retired_core_devs:
 # nginx config
 
 app_root: "{{ current_path }}"
+ssl_certificate: "/etc/letsencrypt/live/{{ certbot_cert_name | default(domain) }}/fullchain.pem"
+ssl_certificate_key:  "/etc/letsencrypt/live/{{ certbot_cert_name | default(domain) }}/privkey.pem"
 
 nginx_official_repo: True
 
@@ -324,8 +326,8 @@ nginx_sites:
       listen [::]:443 ssl http2;
       server_name www.{{ domain }};
 
-      ssl_certificate      /etc/letsencrypt/live/{{ certbot_cert_name | default(domain) }}/fullchain.pem;
-      ssl_certificate_key  /etc/letsencrypt/live/{{ certbot_cert_name | default(domain) }}/privkey.pem;
+      ssl_certificate      {{ ssl_certificate }};
+      ssl_certificate_key  {{ ssl_certificate_key }};
 
       {{ nginx_tls_cipher_suites }}
 
@@ -338,8 +340,8 @@ nginx_sites:
       server_name {{ certbot_domains | default([domain]) | join(' ') }};
       root {{ app_root }}/public;
 
-      ssl_certificate      /etc/letsencrypt/live/{{ certbot_cert_name | default(domain) }}/fullchain.pem;
-      ssl_certificate_key  /etc/letsencrypt/live/{{ certbot_cert_name | default(domain) }}/privkey.pem;
+      ssl_certificate      {{ ssl_certificate }};
+      ssl_certificate_key  {{ ssl_certificate_key }};
 
       {{ nginx_tls_cipher_suites }}
 
diff --git a/inventory/group_vars/lexi.yml b/inventory/group_vars/lexi.yml
index de2bba9dfd..5288bceb56 100644
--- a/inventory/group_vars/lexi.yml
+++ b/inventory/group_vars/lexi.yml
@@ -15,51 +15,3 @@ developer_email: admin@example.com
 
 users_sysadmin:
   - "{{ core_devs }}"
-
-# Override default nginx settings because we don't have TLS
-nginx_sites:
-  default:
-    - |
-      listen 80 default_server;
-      listen [::]:80 default_server;
-      server_name  _;
-      add_header X-Content-Type-Options nosniff always;
-      add_header X-Xss-Protection "1; mode=block" always;
-      add_header X-Frame-Options DENY always;
-      add_header Content-Security-Policy "default-src none" always;
-
-  ofn_80:
-    - |
-      listen 80;
-      listen [::]:80;
-      server_name {{ domain }};
-      root {{ app_root }}/public;
-
-      add_header X-Content-Type-Options nosniff always;
-      add_header X-Xss-Protection "1; mode=block" always;
-
-      gzip on;
-      gzip_disable "msie6";
-
-      try_files $uri/index.html $uri @rails;
-      location @rails {
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header Host $host;
-        proxy_set_header X-Forwarded-Proto $scheme;
-        proxy_redirect off;
-        proxy_pass http://rails;
-      }
-
-      location ~ ^/(assets)/ {
-        gzip_static on;
-        expires max;
-        add_header Cache-Control public;
-        #add_header Last-Modified "";
-        #add_header ETag "";
-      }
-
-      error_page 500 502 503 504 /500.html;
-      client_max_body_size 4G;
-      keepalive_timeout 60;
-
-      include /etc/nginx/sites-available/ofn/*;
diff --git a/inventory/group_vars/local.yml b/inventory/group_vars/local.yml
new file mode 100644
index 0000000000..06358c53e5
--- /dev/null
+++ b/inventory/group_vars/local.yml
@@ -0,0 +1,2 @@
+ssl_certificate: "/etc/ssl/certs/ssl-cert-snakeoil.pem"
+ssl_certificate_key:  "/etc/ssl/private/ssl-cert-snakeoil.key"
diff --git a/inventory/group_vars/test.yml b/inventory/group_vars/test.yml
index 96b38fdf84..ffabf7eea6 100644
--- a/inventory/group_vars/test.yml
+++ b/inventory/group_vars/test.yml
@@ -13,51 +13,3 @@ timezone: Melbourne
 developer_email: admin@example.com
 
 users_sysadmin: []
-
-# Override default nginx settings because we don't have TLS
-nginx_sites:
-  default:
-    - |
-      listen 80 default_server;
-      listen [::]:80 default_server;
-      server_name  _;
-      add_header X-Content-Type-Options nosniff always;
-      add_header X-Xss-Protection "1; mode=block" always;
-      add_header X-Frame-Options DENY always;
-      add_header Content-Security-Policy "default-src none" always;
-
-  ofn_80:
-    - |
-      listen 80;
-      listen [::]:80;
-      server_name {{ domain }};
-      root {{ app_root }}/public;
-
-      add_header X-Content-Type-Options nosniff always;
-      add_header X-Xss-Protection "1; mode=block" always;
-
-      gzip on;
-      gzip_disable "msie6";
-
-      try_files $uri/index.html $uri @rails;
-      location @rails {
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header Host $host;
-        proxy_set_header X-Forwarded-Proto $scheme;
-        proxy_redirect off;
-        proxy_pass http://rails;
-      }
-
-      location ~ ^/(assets)/ {
-        gzip_static on;
-        expires max;
-        add_header Cache-Control public;
-        #add_header Last-Modified "";
-        #add_header ETag "";
-      }
-
-      error_page 500 502 503 504 /500.html;
-      client_max_body_size 4G;
-      keepalive_timeout 60;
-
-      include /etc/nginx/sites-available/ofn/*;
diff --git a/inventory/group_vars/vagrant.yml b/inventory/group_vars/vagrant.yml
index 342badfbcd..bfbd93670f 100644
--- a/inventory/group_vars/vagrant.yml
+++ b/inventory/group_vars/vagrant.yml
@@ -17,51 +17,3 @@ developer_email: admin@example.com
 
 users_sysadmin:
   - "{{ core_devs }}"
-
-# Override default nginx settings because we don't have TLS
-nginx_sites:
-  default:
-    - |
-      listen 80 default_server;
-      listen [::]:80 default_server;
-      server_name  _;
-      add_header X-Content-Type-Options nosniff always;
-      add_header X-Xss-Protection "1; mode=block" always;
-      add_header X-Frame-Options DENY always;
-      add_header Content-Security-Policy "default-src none" always;
-
-  ofn_80:
-    - |
-      listen 80;
-      listen [::]:80;
-      server_name {{ domain }};
-      root {{ app_root }}/public;
-
-      add_header X-Content-Type-Options nosniff always;
-      add_header X-Xss-Protection "1; mode=block" always;
-
-      gzip on;
-      gzip_disable "msie6";
-
-      try_files $uri/index.html $uri @rails;
-      location @rails {
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header Host $host;
-        proxy_set_header X-Forwarded-Proto $scheme;
-        proxy_redirect off;
-        proxy_pass http://rails;
-      }
-
-      location ~ ^/(assets)/ {
-        gzip_static on;
-        expires max;
-        add_header Cache-Control public;
-        #add_header Last-Modified "";
-        #add_header ETag "";
-      }
-
-      error_page 500 502 503 504 /500.html;
-      client_max_body_size 4G;
-      keepalive_timeout 60;
-
-      include /etc/nginx/sites-available/ofn/*;
diff --git a/roles/temporary_proxy/tasks/main.yml b/roles/temporary_proxy/tasks/main.yml
index 65b091e0b3..597eb05327 100644
--- a/roles/temporary_proxy/tasks/main.yml
+++ b/roles/temporary_proxy/tasks/main.yml
@@ -25,8 +25,8 @@
           server_name {{ certbot_domains | default([domain]) | join(' ') }};
           access_log off;
 
-          ssl_certificate      /etc/letsencrypt/live/{{ certbot_cert_name | default(domain) }}/fullchain.pem;
-          ssl_certificate_key  /etc/letsencrypt/live/{{ certbot_cert_name | default(domain) }}/privkey.pem;
+          ssl_certificate      {{ ssl_certificate }};
+          ssl_certificate_key  {{ ssl_certificate_key }};
 
           location / {
             proxy_pass https://{{ proxy_target }};

From fe83ee45b398ada0731ad630d78cd0cf806910a8 Mon Sep 17 00:00:00 2001
From: Maikel Linke <maikel@email.org.au>
Date: Thu, 28 Sep 2023 15:55:56 +1000
Subject: [PATCH 2/7] Remove outdated scripts for development setup

We state in the Readme that ofn-install is meant for setting up staging
and production servers. The openfoodnetwork repository has instructions
for development setups.

Our deploy scripts assume staging or production and fail if the
environment is set to development. It makes the code easier.
---
 .devenv                                      | 26 --------
 inventory/group_vars/local.yml               |  2 +
 inventory/host_vars/local_lexi/config.yml    |  1 -
 inventory/host_vars/local_test/config.yml    |  1 -
 inventory/host_vars/local_vagrant/config.yml |  1 -
 inventory/host_vars/ofn.local/config.yml     |  1 -
 playbooks/development.yml                    | 64 --------------------
 scripts/config/lxc.cfg                       | 10 ---
 scripts/db-setup.sh                          | 21 -------
 scripts/provisioning-dev.sh                  | 29 ---------
 10 files changed, 2 insertions(+), 154 deletions(-)
 delete mode 100644 .devenv
 delete mode 100644 playbooks/development.yml
 delete mode 100644 scripts/config/lxc.cfg
 delete mode 100644 scripts/db-setup.sh
 delete mode 100755 scripts/provisioning-dev.sh

diff --git a/.devenv b/.devenv
deleted file mode 100644
index 40cfb67e25..0000000000
--- a/.devenv
+++ /dev/null
@@ -1,26 +0,0 @@
-# Installation steps:
-#
-# Clone https://github.com/coopdevs/devenv and install it. Then, from the
-# ofn-install's directory, execute devenv.
-#
-# Now, execute playbooks/setup.yml which will create ofn-admin and add your ssk
-# key to it. Note you must be in the core_devs list.
-#
-# Once done you can execute playbooks/development.yml to have a development box
-# or play with playbooks/provisioning.yml if you prefer.
-
-NAME="ofn"
-DISTRIBUTION="ubuntu"
-RELEASE="xenial"
-ARCH="amd64"
-HOST="ofn.local"
-
-DEVENV_USER="openfoodnetwork"
-DEVENV_GROUP="openfoodnetwork"
-
-PROJECT_NAME="openfoodnetwork"
-PROJECT_PATH="${PWD%/*}/$PROJECT_NAME"
-
-# Select the python interpeter python2.7 or python3
-PYTHON_INTERPRETER=python3
-
diff --git a/inventory/group_vars/local.yml b/inventory/group_vars/local.yml
index 06358c53e5..b8ec577a1c 100644
--- a/inventory/group_vars/local.yml
+++ b/inventory/group_vars/local.yml
@@ -1,2 +1,4 @@
+rails_env: "staging"
+
 ssl_certificate: "/etc/ssl/certs/ssl-cert-snakeoil.pem"
 ssl_certificate_key:  "/etc/ssl/private/ssl-cert-snakeoil.key"
diff --git a/inventory/host_vars/local_lexi/config.yml b/inventory/host_vars/local_lexi/config.yml
index d903f60aa4..3a9df0c566 100644
--- a/inventory/host_vars/local_lexi/config.yml
+++ b/inventory/host_vars/local_lexi/config.yml
@@ -1,7 +1,6 @@
 ---
 
 domain: localhost
-rails_env: development
 
 admin_email: admin@example.com
 mail_domain: example.com
diff --git a/inventory/host_vars/local_test/config.yml b/inventory/host_vars/local_test/config.yml
index a3892df0c3..bd31c8f18e 100644
--- a/inventory/host_vars/local_test/config.yml
+++ b/inventory/host_vars/local_test/config.yml
@@ -2,7 +2,6 @@
 
 domain: localhost
 host_id: ofn-test
-rails_env: development
 
 admin_email: admin@example.com
 mail_domain: example.com
diff --git a/inventory/host_vars/local_vagrant/config.yml b/inventory/host_vars/local_vagrant/config.yml
index 014dc87763..9655cee444 100644
--- a/inventory/host_vars/local_vagrant/config.yml
+++ b/inventory/host_vars/local_vagrant/config.yml
@@ -1,7 +1,6 @@
 ---
 
 domain: localhost
-rails_env: development
 
 admin_email: admin@example.com
 mail_domain: example.com
diff --git a/inventory/host_vars/ofn.local/config.yml b/inventory/host_vars/ofn.local/config.yml
index d1f9864f0e..58c8492992 100644
--- a/inventory/host_vars/ofn.local/config.yml
+++ b/inventory/host_vars/ofn.local/config.yml
@@ -1,7 +1,6 @@
 ---
 
 domain: localhost
-rails_env: development
 
 admin_email: admin@example.com
 mail_domain: example.com
diff --git a/playbooks/development.yml b/playbooks/development.yml
deleted file mode 100644
index 7d7ac09eb2..0000000000
--- a/playbooks/development.yml
+++ /dev/null
@@ -1,64 +0,0 @@
----
-# Note that by relying on this playbook you will end up with a development
-# environment that uses some of roles we use for live instances. You won't have
-# Nginx and you will have to manually start the rails running `bundle
-# exec rails server`.
-#
-# Also, there are a number of things you will need to do manually such as
-# creating the development database with `bundle exec rake db:create` as you
-# would do on your host without containers.
-
-- name: provision
-  hosts: ofn_servers
-  remote_user: "{{ user }}"
-  roles:
-    - role: app_user # Create unprivileged user for the app
-      tags: app_user
-
-    - role: common # Install common apps and libraries, and setup shell.
-      tags: common
-
-    - role: language # Setup locale.
-      tags: language
-
-    - role: zzet.rbenv # Install ruby. If missing run: ansible-galaxy install zzet.rbenv
-      rbenv:
-        env: user
-        version: v1.0.0
-        default_ruby: "{{ ruby_version }}"
-        rubies:
-          - version: "{{ ruby_version }}"
-
-      rbenv_users:
-        - "{{ app_user }}"
-      tags: ruby
-
-    - role: dbserver # Set up database server and user for the app.
-      become: yes
-      become_user: root
-      tags: dbserver
-      db_user_roles: SUPERUSER,CREATEDB
-
-    - role: datadog
-      become: yes
-      tags: datadog
-
-  tasks:
-    - name: install bundler
-      # This needs to be run inside a bash shell to initialise rbenv
-      # See http://stackoverflow.com/questions/22115936/install-bundler-gem-using-ansible
-      command: bash -lc "./script/install-bundler --no-ri --no-rdoc"
-      args:
-        chdir: /opt/openfoodnetwork
-      register: bundler
-      changed_when: bundler.stdout | length > 0
-      become: yes
-      become_user: "{{ app_user }}"
-      tags: bundler
-
-  vars:
-    ansible_python_interpreter: /usr/bin/python2.7
-    language_packages:
-      - language-pack-en-base
-    language: en_US.UTF-8
-    users_sysadmin: []
diff --git a/scripts/config/lxc.cfg b/scripts/config/lxc.cfg
deleted file mode 100644
index 4ea6b8b89a..0000000000
--- a/scripts/config/lxc.cfg
+++ /dev/null
@@ -1,10 +0,0 @@
-# Vars to use in lxc-create
-name="ofn-dev"
-template="/usr/share/lxc/templates/lxc-ubuntu"
-rls="xenial"
-lxc_config="/tmp/ubuntu.$name.conf"
-host="local.ofn.org"
-project_name="openfoodnetwork"
-project_path="${PWD%/*}/$project_name"
-app_user="openfoodnetwork"
-ssh_path="/.ssh/id_rsa.pub"
diff --git a/scripts/db-setup.sh b/scripts/db-setup.sh
deleted file mode 100644
index d77a9187cc..0000000000
--- a/scripts/db-setup.sh
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-# Createded date: 21/03/2016
-
-# Flags
-set -e
-
-bundle="$PWD/.rbenv/shims/bundle"
-
-cd openfoodnetwork/
-echo "Copy example config/application.yml"
-cp -n config/application.yml.example config/application.yml
-echo "Installing ruby application and gem dependencies"
-"$bundle" install
-echo "Doing the database setup..."
-"$bundle" exec rake db:setup << EOF
-spree@example.com
-spree123
-EOF
-echo
-echo "Load default data for development environment..."
-"$bundle" exec rake ofn:dev:load_sample_data
diff --git a/scripts/provisioning-dev.sh b/scripts/provisioning-dev.sh
deleted file mode 100755
index 43a8a841bb..0000000000
--- a/scripts/provisioning-dev.sh
+++ /dev/null
@@ -1,29 +0,0 @@
-#!/bin/bash
-# Createded date: 21/03/2016
-
-# Flags
-set -e
-
-# External files
-# Get cfg values
-source "$PWD/scripts/config/lxc.cfg"
-# Check if container exist
-# Install python2.7 in container:
-echo "Installing Python2.7"
-sudo lxc-attach -n "$name" -- sudo apt update
-sudo lxc-attach -n "$name" -- sudo apt install -y python2.7
-echo
-# Install the community role dependencies of the playbooks
-echo "Installing ansible community dependencies of playbooks"
-bin/setup
-echo
-# Execute playbook development.yml:
-echo "Ansible playbooks"
-ansible-playbook playbooks/default_user.yml -i "$PWD/inventory/dev" --limit=lxc -e "ssh_key_path=$ssh_path ansible_python_interpreter=/usr/bin/python2.7"
-ansible-playbook playbooks/development.yml -u openfoodnetwork -i "$PWD/inventory/dev" -e 'ansible_python_interpreter=/usr/bin/python2.7' --limit=lxc --ask-sudo-pass
-echo "Provision OK!"
-echo
-echo "Accessing $host with user $app_user to install bundle dependencies and setup db"
-ssh "$app_user"@"$host" "bash -s" < "$PWD/scripts/db-setup.sh"
-
-echo "Databases ready!"

From daf135796281aebde78aaa05412647b57f522924 Mon Sep 17 00:00:00 2001
From: Maikel Linke <maikel@email.org.au>
Date: Thu, 28 Sep 2023 16:05:11 +1000
Subject: [PATCH 3/7] DRY local group config

---
 inventory/group_vars/lexi.yml    | 17 -----------------
 inventory/group_vars/local.yml   | 16 ++++++++++++++++
 inventory/group_vars/lxc.yml     | 17 -----------------
 inventory/group_vars/test.yml    | 15 ---------------
 inventory/group_vars/vagrant.yml | 19 -------------------
 5 files changed, 16 insertions(+), 68 deletions(-)
 delete mode 100644 inventory/group_vars/lexi.yml
 delete mode 100644 inventory/group_vars/lxc.yml
 delete mode 100644 inventory/group_vars/test.yml
 delete mode 100644 inventory/group_vars/vagrant.yml

diff --git a/inventory/group_vars/lexi.yml b/inventory/group_vars/lexi.yml
deleted file mode 100644
index 5288bceb56..0000000000
--- a/inventory/group_vars/lexi.yml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-
-# See https://github.com/openfoodfoundation/ofn-install/wiki/Setup for more info
-checkout_zone: Australia
-country_code: AU
-currency: AUD
-locale: en
-language: en_AU.UTF-8
-language_packages:
-  - language-pack-en-base
-l10n_repo: https://github.com/openfoodfoundation/l10n_au.git
-timezone: Melbourne
-
-developer_email: admin@example.com
-
-users_sysadmin:
-  - "{{ core_devs }}"
diff --git a/inventory/group_vars/local.yml b/inventory/group_vars/local.yml
index b8ec577a1c..a1c7490a79 100644
--- a/inventory/group_vars/local.yml
+++ b/inventory/group_vars/local.yml
@@ -2,3 +2,19 @@ rails_env: "staging"
 
 ssl_certificate: "/etc/ssl/certs/ssl-cert-snakeoil.pem"
 ssl_certificate_key:  "/etc/ssl/private/ssl-cert-snakeoil.key"
+
+# See https://github.com/openfoodfoundation/ofn-install/wiki/Setup for more info
+checkout_zone: Australia
+country_code: AU
+currency: AUD
+locale: en
+language: en_AU.UTF-8
+language_packages:
+  - language-pack-en-base
+l10n_repo: https://github.com/openfoodfoundation/l10n_au.git
+timezone: Melbourne
+
+developer_email: admin@example.com
+
+users_sysadmin:
+  - "{{ core_devs }}"
diff --git a/inventory/group_vars/lxc.yml b/inventory/group_vars/lxc.yml
deleted file mode 100644
index 5288bceb56..0000000000
--- a/inventory/group_vars/lxc.yml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-
-# See https://github.com/openfoodfoundation/ofn-install/wiki/Setup for more info
-checkout_zone: Australia
-country_code: AU
-currency: AUD
-locale: en
-language: en_AU.UTF-8
-language_packages:
-  - language-pack-en-base
-l10n_repo: https://github.com/openfoodfoundation/l10n_au.git
-timezone: Melbourne
-
-developer_email: admin@example.com
-
-users_sysadmin:
-  - "{{ core_devs }}"
diff --git a/inventory/group_vars/test.yml b/inventory/group_vars/test.yml
deleted file mode 100644
index ffabf7eea6..0000000000
--- a/inventory/group_vars/test.yml
+++ /dev/null
@@ -1,15 +0,0 @@
----
-
-checkout_zone: Australia
-country_code: AU
-currency: AUD
-locale: en
-language: en_AU.UTF-8
-language_packages:
-  - language-pack-en-base
-l10n_repo: https://github.com/openfoodfoundation/l10n_au.git
-timezone: Melbourne
-
-developer_email: admin@example.com
-
-users_sysadmin: []
diff --git a/inventory/group_vars/vagrant.yml b/inventory/group_vars/vagrant.yml
deleted file mode 100644
index bfbd93670f..0000000000
--- a/inventory/group_vars/vagrant.yml
+++ /dev/null
@@ -1,19 +0,0 @@
----
-
-# Adjust these settings locally to deploy different data to your Vagrant box
-
-# See https://github.com/openfoodfoundation/ofn-install/wiki/Setup for more info
-checkout_zone: Australia
-country_code: AU
-currency: AUD
-locale: en
-language: en_AU.UTF-8
-language_packages:
-  - language-pack-en-base
-l10n_repo: https://github.com/openfoodfoundation/l10n_au.git
-timezone: Melbourne
-
-developer_email: admin@example.com
-
-users_sysadmin:
-  - "{{ core_devs }}"

From 3c9418dcb7ff61c19b8cda843d7e2ad6b6c9bdfa Mon Sep 17 00:00:00 2001
From: Maikel Linke <maikel@email.org.au>
Date: Thu, 28 Sep 2023 16:10:40 +1000
Subject: [PATCH 4/7] DRY config of local hosts

It can be the same for every local host. I also updated some values to
be the same as in the openfoodnetwork development environment.
---
 inventory/group_vars/local.yml               | 18 +++++++++++++++
 inventory/host_vars/local_lexi/config.yml    | 17 ---------------
 inventory/host_vars/local_test/config.yml    | 23 --------------------
 inventory/host_vars/local_vagrant/config.yml | 17 ---------------
 inventory/host_vars/ofn.local/config.yml     | 18 ---------------
 5 files changed, 18 insertions(+), 75 deletions(-)
 delete mode 100644 inventory/host_vars/local_lexi/config.yml
 delete mode 100644 inventory/host_vars/local_test/config.yml
 delete mode 100644 inventory/host_vars/local_vagrant/config.yml
 delete mode 100644 inventory/host_vars/ofn.local/config.yml

diff --git a/inventory/group_vars/local.yml b/inventory/group_vars/local.yml
index a1c7490a79..e46eb49c4e 100644
--- a/inventory/group_vars/local.yml
+++ b/inventory/group_vars/local.yml
@@ -18,3 +18,21 @@ developer_email: admin@example.com
 
 users_sysadmin:
   - "{{ core_devs }}"
+
+# Test host configuration
+# This is usually set in the host config but the same for all local containers.
+domain: localhost
+
+admin_email: ofn@example.com
+mail_domain: example.com
+
+# Add missing vars to emulate /local_vagrant/secrets.yml
+db_password: 'f00d'
+admin_password: 'ofn123'
+secret_token: '511a3d0fa1551b9fa75a1aef5b47684905c64807963fa2c190272878366365'
+google_maps_api_key: 'xxx'
+
+mail_host: 'example.com'
+mail_port: 25
+smtp_username: 'admin'
+smtp_password: 'password'
diff --git a/inventory/host_vars/local_lexi/config.yml b/inventory/host_vars/local_lexi/config.yml
deleted file mode 100644
index 3a9df0c566..0000000000
--- a/inventory/host_vars/local_lexi/config.yml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-
-domain: localhost
-
-admin_email: admin@example.com
-mail_domain: example.com
-
-# Add missing vars to emulate secrets.yml
-db_password: 'lexi123'
-admin_password: 'spree123'
-secret_token: '511a3d0fa1551b9fa75a1aef5b47684905c64807963fa2c190272878366365'
-google_maps_api_key: 'xxx'
-
-mail_host: 'example.com'
-mail_port: 25
-smtp_username: 'admin'
-smtp_password: 'password'
diff --git a/inventory/host_vars/local_test/config.yml b/inventory/host_vars/local_test/config.yml
deleted file mode 100644
index bd31c8f18e..0000000000
--- a/inventory/host_vars/local_test/config.yml
+++ /dev/null
@@ -1,23 +0,0 @@
----
-
-domain: localhost
-host_id: ofn-test
-
-admin_email: admin@example.com
-mail_domain: example.com
-
-
-# Add missing vars to emulate secrets.yml
-
-db_password: 'test123'
-admin_password: 'spree123'
-secret_token: '522a3d0fa1551b9fa75a1aef5b47684905c64807963fa2c190272878366365'
-google_maps_api_key: 'xxx'
-
-mail_host: 'example.com'
-mail_port: 25
-smtp_username: 'admin'
-smtp_password: 'password'
-
-rbenv_extra_depends: []
-ruby_compile_options: ""
diff --git a/inventory/host_vars/local_vagrant/config.yml b/inventory/host_vars/local_vagrant/config.yml
deleted file mode 100644
index 9655cee444..0000000000
--- a/inventory/host_vars/local_vagrant/config.yml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-
-domain: localhost
-
-admin_email: admin@example.com
-mail_domain: example.com
-
-# Add missing vars to emulate /local_vagrant/secrets.yml
-db_password: 'vagrant123'
-admin_password: 'spree123'
-secret_token: '511a3d0fa1551b9fa75a1aef5b47684905c64807963fa2c190272878366365'
-google_maps_api_key: 'xxx'
-
-mail_host: 'example.com'
-mail_port: 25
-smtp_username: 'admin'
-smtp_password: 'password'
diff --git a/inventory/host_vars/ofn.local/config.yml b/inventory/host_vars/ofn.local/config.yml
deleted file mode 100644
index 58c8492992..0000000000
--- a/inventory/host_vars/ofn.local/config.yml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-
-domain: localhost
-
-admin_email: admin@example.com
-mail_domain: example.com
-
-# Add missing vars to emulate secrets.yml
-db_password: 'lxc123'
-admin_password: 'spree123'
-secret_token: '511a3d0fa1551b9fa75a1aef5b47684905c64807963fa2c190272878366365'
-google_maps_api_key: 'xxx'
-
-mail_host: 'example.com'
-mail_port: 25
-smtp_username: 'admin'
-smtp_password: 'password'
-

From a84e8b60663ba829ea60600baacf4db5fc97487f Mon Sep 17 00:00:00 2001
From: Maikel Linke <maikel@email.org.au>
Date: Thu, 28 Sep 2023 16:17:26 +1000
Subject: [PATCH 5/7] Add linting script for easy use

---
 bin/lint | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100755 bin/lint

diff --git a/bin/lint b/bin/lint
new file mode 100755
index 0000000000..f3eae50041
--- /dev/null
+++ b/bin/lint
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+exec ansible-lint site.yml playbooks/*.yml --exclude community

From 69808260082649b3c65713109226fc5cf2d42153 Mon Sep 17 00:00:00 2001
From: Maikel Linke <maikel@email.org.au>
Date: Mon, 2 Oct 2023 11:55:44 +1100
Subject: [PATCH 6/7] Update comments in local container config

Thanks to David.

[skip ci]
---
 inventory/group_vars/local.yml | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/inventory/group_vars/local.yml b/inventory/group_vars/local.yml
index e46eb49c4e..ea6fa44cc0 100644
--- a/inventory/group_vars/local.yml
+++ b/inventory/group_vars/local.yml
@@ -19,14 +19,16 @@ developer_email: admin@example.com
 users_sysadmin:
   - "{{ core_devs }}"
 
-# Test host configuration
-# This is usually set in the host config but the same for all local containers.
+# *** Test host configuration ***
+#
+# This is usually set in the host config but it's the same for all local
+# containers.
 domain: localhost
 
 admin_email: ofn@example.com
 mail_domain: example.com
 
-# Add missing vars to emulate /local_vagrant/secrets.yml
+# Add missing vars to emulate secrets.yml
 db_password: 'f00d'
 admin_password: 'ofn123'
 secret_token: '511a3d0fa1551b9fa75a1aef5b47684905c64807963fa2c190272878366365'

From d071bab9a3ad6ce26d77fce6fea44164f596aeb7 Mon Sep 17 00:00:00 2001
From: Maikel Linke <maikel@email.org.au>
Date: Mon, 2 Oct 2023 11:56:59 +1100
Subject: [PATCH 7/7] Remove unused variable

[skip ci]
---
 inventory/group_vars/all.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/inventory/group_vars/all.yml b/inventory/group_vars/all.yml
index b7acae6a53..b7115a9e0a 100644
--- a/inventory/group_vars/all.yml
+++ b/inventory/group_vars/all.yml
@@ -86,7 +86,6 @@ multiredis_instances:
 #----------------------------------------------------------------------
 # Database variables
 db: openfoodnetwork
-test_db: ofn_test
 db_user: ofn_user
 db_host: localhost
 postgres_encoding: en_US.utf8